LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS
dn: cn=groupA,ou=groups,dc=example,dc=com
cn: groupA
Run the following commands to unset the LDAP_BINDDN and LDAP_BINDCRED environment
variables.
unset LDAP_BINDDN
unset LDAP_BINDCRED
9.3.5 The ldapugadd tool
You can use the ldapugadd tool to add new POSIX accounts and groups to an LDAP directory
server (as noted by the first and second syntaxes in Section 9.3.5.2 (page 297)). You can use
ldapugadd to modify the /etc/opt/ldapux/ldapug.conf file to set defaults for creation of
new users or groups (as noted by the third syntax, Section 9.3.5.2 (page 297)).
The ldapugadd tool uses user and group template files that enable it to conform to the information
model used for the types of entries being created. To use ldapugadd, you must provide LDAP
administrator credentials that have sufficient privilege to perform the user or group add operation
in the LDAP directory server.
This tool provides command-line options that enable you to add the following information to the
user or group entry:
For POSIX accounts
• User's full name
• User ID (account name)
• User ID number
• User password
• Primary group membership
• Home directory
• Login shell
• Gecos
• Comments
For POSIX groups
• Group ID (group name)
• Group ID number
• Group members
LDAP-UX supports a local LDAP User and Group (UG) configuration file,
/etc/opt/ldapux/ldapug.conf. The ldapugadd tool uses the ldapug.conf file to manage
the default values for the configuration parameters, uidNumber_range, gidNumber_range,
user_gidNumber, default_homeDirectory and default_loginShell. The ldapugadd
tool uses these values when creating new user and group entries in an LDAP directory server if a
command-line option is not provided for that specific value. You can use the ldapugadd -D
command to change the value defined in the ldapug.conf file. See Section 9.3.5.5 (page 305)
for more information.
Template files are required by the ldapugadd tool. These template files define the data required
to create new user and group entries and enable ldapugadd to discover required attributes.
Because each organization might have different required data models for user and group entries
(LDAP directory servers allow for a variety of attributes to be stored in user and group entries),
these templates may define arbitrary data models beyond just the required POSIX attributes. Before
creating new entries, applications can use the ldapcfinfo tool to discover the attributes required
296 Command and tool reference